[Pkg-giraffe-discuss] kopano-webapp and php-gettext: CVE-2016-6175

Jelle van der Waa j.vanderwaa at kopano.com
Wed Jul 17 11:12:08 BST 2019


> > I'm not sure if Kopano is aware of a problematic CVE for php-gettext.
> > This package has a bug [1] within the Debian tracker with severity grave
> > because of CVE-2016-6175.
> > As visible this CVE is from 2016!! and got no attention until now
> > upstream in the php-gettext source. So php-gettext will get removed from
> > testing on 06 August.
>
> Hi,
>
> It seems we have wrongly added php-gettext as a dependency for WebApp,
> we only depend on the gettext C functions which are available via the
> php-common package as shared library (gettext.so). I'm in the process
> of removing the dependency from our packages since we have a fallback
> mechanism which makes us affected, but removing the php-gettext dependency
> will resolve this, since the PHP gettext API is then used. [1]
>
> [1] https://github.com/Kopano-dev/kopano-webapp/blob/master/server/includes/gettext.php#L6

Minor update, the file is never included in our PHP code so we are actually
not affected by this issue!

>
> Greetings,
>
> Jelle